Requesting a sanity check on a question of how to structure Google Oauth in my app.
The app I'm trying to build - call it AppX - will let users create an account with the app (ideally with username/password or with Google login), and then the user will be able to connect their AppX account with several of their Google accounts for the sake of pulling up their various calendars. This is handy when, for example, a user has separate personal and work Google accounts, but they want to be able to see both calendars in AppX.
To accomplish this, I was originally going with the oauth2 token model which can happen purely on the client side. I was then going to send the resulting token back to the server to save onto the user object, and then figure out a way to allow the user to do several of these oauths.
However, this SO question is making me think that with that client-side approach, the UX for refreshing the token is jarring for the user. So I'm thinking I actually need to do this on the server-side using these instructions, which will allow me to store the tokens for multiple oauths and create a more transparent refresh token experience.
Is this server-side approach considered best practice?
